The Red Alert ransomware was made public on July 5, 2022, via Twitter by MalwareHunterTeam. According to the ransomware's own website, as of this date, Red Alert had only a single company on its victim list.
The group behind the attacks uses two names in its operations: "Red Alert" in its attacks and ransom notes, and "N13V" internally.
The malware targets VMware ESXi virtual servers, both Linux and Windows. Red Alert is designed to be run from the command line, allowing the attacker to shut down any virtual machine that is active.
The Red Alert ransomware is then able to encrypt the files belonging to the virtual machines, such as .vmdk disks, swap files, logs and others.
After the encryption process, the ransomware generates a .txt file named "HOW_TO_RESTORE" with details about the ransom procedure. This document mentions the name "Red Alert", the ransom amount, and a link for payment in Monero, the only cryptocurrency accepted for the ransom.
The group has been attacking companies and practicing double extortion, which means that before encrypting the data, the Red Alert ransomware steals the information about the virtual machine.
This practice is widely used by hackers, allowing the authors of the threat to demand a ransom not only to acquire the decryption key, but also to prevent the release of the stolen data.
The Red Alert ransomware is a new malware with few executed attacks, so it is expected that in the coming days the group will continue to attack more and more companies around the world.
Recover files encrypted by Red Alert ransomware
Digital Recovery has developed a solution capable of recovering encrypted files without the need to contact the criminals to obtain the decryption key. This solution was developed in-house and allows the recovery of data encrypted by ransomware.
For more than 23 years, Digital Recovery has been operating in the data recovery market, working with various storage devices such as storage systems, databases, virtual machines, RAID systems, servers and others.
Secrecy and security are part of our daily vocabulary. For this reason we base all our solutions on the General Data Protection Regulation (GDPR). We also provide our clients with a confidentiality agreement (NDA).
Thanks to our technology, our services can be carried out remotely, quickly and safely.
Contact one of our specialists and recover your encrypted data now.